<?php
error_reporting(7);

if (!isset($_POST[action]) AND trim($_POST[action] == "")) {
        $action = $_GET[action];
} else {
        $action = $_POST[action];
} 

if (empty($action)) {
        $action = "submit";
} 

if ($action == "submit") {
        $gzipoutput = 0;
        $templatelist = "navbar_contribute,contribute_submit";
        require "global.php";

        if ($pauserinfo[userid] == 0 OR (!$pauserinfo[cancontribute] AND !$pauserinfo[isadmin])) {
                show_nopermission(array("nopermission_reason_contribute_permission_denied"));
        } 

        cachesorts();
        $sortlist = makesortlist();

        $sortlistoptions = sortsbit();

        eval("\$navbit = \"" . gettemplate('navbar_joiner') . "\";");
        eval("\$navbit .= \"" . gettemplate('navbar_contribute') . "\";");
        eval("\$navbar = \"" . gettemplate('navbar') . "\";");

        eval("dooutput(\"" . gettemplate('contribute_submit') . "\");");
} 

if ($action == "doinsert") {
        $gzipoutput = 0;
        require "global.php";

        if ($pauserinfo[userid] == 0 OR (!$pauserinfo[cancontribute] AND !$pauserinfo[isadmin])) {
                show_nopermission(array("nopermission_reason_contribute_permission_denied"));
        } 

        $title = htmlspecialchars(trim($_POST[title]));

        $description = trim(strip_tags($_POST[description], "<a><b><i><u>"));

        $sortid = intval($_POST[sortid]);
        $author = htmlspecialchars(trim($_POST[author]));
        $contact = htmlspecialchars(trim($_POST[contact]));
        $source = htmlspecialchars(trim($_POST[source]));

        $subhead = htmlspecialchars(trim($_POST[subhead]));
        $articletext = $_POST[articletext];
        $articletext = eregi_replace("javascript", "java script", $articletext);
        $articletext = eregi_replace("vbscript", "vb script", $articletext);

        if (!pa_isset($title)) {
                show_errormessage("error_miss_article_title");
        } 
        if (!pa_isset($articletext)) {
                show_errormessage("error_miss_article_articletext");
        } 

        if (!empty($_FILES['image']['tmp_name'])) {
                $original = $_FILES['image']['name'];
                $filename = md5(uniqid(microtime(), 1));
                if (($_FILES['image']['type'] == "image/pjpeg" OR $_FILES['image']['type'] == "image/gif" OR $_FILES['image']['type'] == "image/x-png") AND copy($_FILES['image']['tmp_name'], "./upload/images/$filename")) {
                        $DB->query("INSERT INTO " . $db_prefix . "gallery (original,filename,type,size,dateline,userid)
                              VALUES ('" . addslashes(trim($original)) . "','$filename','" . addslashes($_FILES['image']['type']) . "','" . addslashes($_FILES['image']['size']) . "','" . time() . "','$pauserinfo[userid]')");
                        $imageid = $DB->insert_id();
                } 
        } 

        $author = $pauserinfo[username];
        $contact = $pauserinfo[email];
        $DB->query("INSERT INTO " . $db_prefix . "article (sortid,author,title,contact,source,description,date,imageid,editor,visible,keyword,userid)
                       VALUES ('$sortid','" . addslashes($author) . "','" . addslashes($title) . "','" . addslashes($contact) . "','" . addslashes($source) . "','" . addslashes($description) . "','" . time() . "','$imageid','" . addslashes($pauserinfo[username]) . "','" . intval($visible) . "','" . addslashes(htmlspecialchars(trim($_POST[keyword]))) . "','$pauserinfo[userid]')");

        $articleid = $DB->insert_id();

        if ($subhead == "") {
                $subhead = $title;
        } 
        $DB->query("INSERT INTO " . $db_prefix . "articletext (articleid,subhead,articletext)
                       VALUES ('$articleid','" . addslashes($subhead) . "','" . addslashes($articletext) . "')");

        $DB->query("UPDATE " . $db_prefix . "sort SET articlecount=articlecount+1 WHERE sortid IN (" . getparentsorts($sortid) . ")");

        if (!$nextpage) {
                redirect("$phparticleurl/index.php", "redirect_article_submited");
        } else {
                redirect("$phparticleurl/contribute.php?action=nextpage&articleid=$articleid", "redirect_article_nextpage");
        } 
} 

if ($action == "nextpage") {
        $templatelist = "navbar_contribute,contribute_submit";
        require "global.php";

        if ($pauserinfo[userid] == 0 OR (!$pauserinfo[cancontribute] AND !$pauserinfo[isadmin])) {
                show_nopermission(array("nopermission_reason_contribute_permission_denied"));
        } 

        $articleid = intval($_GET[articleid]);
        if (empty($articleid)) {
                show_errormessage("error_invalid_articleid");
        } 
        $article = $DB->fetch_one_array("SELECT * FROM " . $db_prefix . "article WHERE articleid='$articleid' AND userid='$pauserinfo[userid]'");
        if (empty($article)) {
                show_errormessage("error_invalid_articleid");
        } 
        // $article = validate_articleid($articleid);
        cachesorts();
        $sortlist = makesortlist();

        $sortlistoptions = sortsbit();

        eval("\$navbit = \"" . gettemplate('navbar_joiner') . "\";");
        eval("\$navbit .= \"" . gettemplate('navbar_contribute') . "\";");
        eval("\$navbar = \"" . gettemplate('navbar') . "\";");

        eval("dooutput(\"" . gettemplate('contribute_submit_nextpage') . "\");");
} 

if ($_POST[action] == "doinsertnextpage") {
        require "global.php";

        if ($pauserinfo[userid] == 0 OR (!$pauserinfo[cancontribute] AND !$pauserinfo[isadmin])) {
                show_nopermission(array("nopermission_reason_contribute_permission_denied"));
        } 

        $articleid = intval($_POST[articleid]);
        if (empty($articleid)) {
                show_errormessage("error_invalid_articleid");
        } 
        $article = $DB->fetch_one_array("SELECT * FROM " . $db_prefix . "article WHERE articleid='$articleid' AND userid='$pauserinfo[userid]'");
        if (empty($article)) {
                show_errormessage("error_invalid_articleid");
        } 

        $subhead = htmlspecialchars(trim($_POST[subhead]));

        if (strlen($subhead) > 100) {
                show_errormessage("error_article_subhead_toolong");
        } 

        $articletext = $_POST[articletext];
        $articletext = eregi_replace("javascript", "java script", $articletext);
        $articletext = eregi_replace("vbscript", "vb script", $articletext);

        $DB->query("INSERT INTO " . $db_prefix . "articletext (articleid,subhead,articletext)
                       VALUES ('$articleid','" . addslashes($subhead) . "','" . addslashes($articletext) . "')");

        if (!$nextpage) {
                redirect("$phparticleurl/index.php", "reidrect_article_submited");
        } else {
                redirect("$phparticleurl/contribute.php?action=nextpage&articleid=$articleid", "reidrect_article_nextpage");
        } 
} 

?>
